Gotham Security Daily Threat Alerts

August 26, SC Magazine – (International) Zero-day, Angler kit exploits help drive up malvertising by 325%. Security researchers from Cyphort reported study findings revealing that malvertising attacks have increased by 325 percent in 2015, likely due to a combination of frequent zero-day exploits and new technology making the tactic more effective.

August 26, Securityweek – (International) New Zeus variant “Sphinx” offered for sale. Malware developers released a new Zeus banking trojan variant called Sphinx that operates fully through The Onion Router (Tor) anonymity network and is designed to work on Microsoft Windows Vista and Windows 7 with User Account Control (UAC) enabled, as well as on low-privilege and “Guest” accounts. The malware has a full feature suite, including Backconnect Virtual Network Computing (VNC) capability, allowing its operators to transfer funds directly from the infected system.

August 26, Threatpost – (International) CERT warns of hard-coded credentials in DSL SOHO routers. The Computer Emergency Readiness Team (CERT) published an advisory warning that certain Digital Subscriber Line (DSL) routers manufactured by ASUSTek, DIGICOM, Observa Telecom, Philippine Long Distance Telephone, and ZTE contain hard-coded credentials that could allow an attacker to remotely access or control the devices via their telnet services.

August 26, Threatpost – (International) Researchers uncover new Italian RAT uWarrior. Security researchers from Palo Alto Networks discovered a new fully-featured remote access trojan (RAT) called uWarrior embedded in a rigged Rich Text Format (.RTF) file. Once the file infects the system, it downloads a payload that copies itself to another directory and communicates with a command and control server over an encrypted protocol.

August 26, V3.co.uk – (International) Apple iOS Ins0mnia flaw that hides malicious apps revealed by FireEye. Security researchers from FireEye discovered that devices running versions of iOS prior to 8.4.1 are vulnerable to a flaw dubbed Ins0mnia, in which any application could bypass Apple’s background restrictions, allowing an attacker’s app to keep running in the background and steal sensitive user information indefinitely without the user’s consent or knowledge.

August 25, IDG News Service – (International) Flaw in Android remote-support tool exploited by screen recording app. Security researchers from Check Point discovered that the Recordable Activator Android app on Google Play was exploiting a recently discovered flaw in the TeamViewer remote support tool dubbed Certifi-gate, in which an attacker could use a rogue app to masquerade as an official tool and take control of an affected device. The app was pulled after having over 500,000 installations.

August 25, Threatpost – (International) AutoIt used in targeted attacks to move RATs. Security researchers at Cisco discovered that hackers are using the AutoIt task automation freeware to stealthily drop remote access trojans (RATs) that install via malicious macros in Microsoft Word documents. AutoIt is considered a legitimate information technology (IT) administration tool, and is often whitelisted in enterprises.

August 25, Associated Press – (California) Audit: California agencies vulnerable to IT security breach. A report released August 25 by the State auditor found that several California agencies were not in compliance with the State’s information technology standards, leaving them vulnerable to potential attacks and security breaches, among other findings. The California Department of Technology responded that it is committed to improving the State’s overall security posture and oversight.